Customer Experience Assurance Viewer - Report

Summary

Project Name: SAMPLE 1

Last Run: 09-Aug-2023 19:13:22 BST

Performance: Good

Accessibility: Violation Found

Security: Vulnerability Found

Omnichannel: Scan done

Active Monitor: Scan done

SEO : Scan done

Performance

URL: https://www.netflix.com/

Browser: Chrome

Region: Local

Last Run: 09-Aug-2023 18:23:07 BST

0-3.4 secs : Fast
3.4-5.8 secs : Moderate
Over 5.8 secs : Slow

Response Time Distribution (ms)

0 0 500 500 1,000 1,000 1,500 1,500 Page load timings
Legend
  • Time to first byte
  • First Contentful Paint
  • Largest Contentful Paint

Screen Rendering - Experience

1174ms

2348ms

3522ms

4696ms

5870ms

7044ms

8218ms

9392ms

10566ms

11740ms

Accessibility

URL: https://www.netflix.com/

Browser: Chrome

Region: Local

Last Run: 09-Aug-2023 18:23:54 BST

Violations By Severity

1
Total
1
High
100%
0
Med
0%
0
Low
0%

Violations By WCAG 2.1 Guidelines

A A AA AA 0 0 5 5 10 10 15 15 9 0 7 14 2 1 2 15
  • Pass
  • Fail
  • Not Available
  • Manual Intervention Needed

Violation Summary

Category
Guideline
Rule-Id
Description
Status
No Of Failed Elements
Impacted Users Group
A Name,Role,Value aria-allowed-attr Each ARIA `role` supports a specific subset of `aria-*` attributes. Mismatching these invalidates the `aria-*` attributes. [Learn more](https://web.dev/aria-allowed-attr/). PASS NA
A Name,Role,Value aria-hidden-body Assistive technologies, like screen readers, work inconsistently when `aria-hidden="true"` is set on the document `<body>`. [Learn more](https://web.dev/aria-hidden-body/). PASS NA
A Name,Role,Value aria-hidden-focus Focusable descendents within an `[aria-hidden="true"]` element prevent those interactive elements from being available to users of assistive technologies like screen readers. [Learn more](https://web.dev/aria-hidden-focus/). PASS NA
A Name,Role,Value aria-required-attr Some ARIA roles have required attributes that describe the state of the element to screen readers. [Learn more](https://web.dev/aria-required-attr/). PASS NA
A Name,Role,Value aria-roles ARIA roles must have valid values in order to perform their intended accessibility functions. [Learn more](https://web.dev/aria-roles/). PASS NA
A Name,Role,Value aria-valid-attr-value Assistive technologies, like screen readers, can't interpret ARIA attributes with invalid values. [Learn more](https://web.dev/aria-valid-attr-value/). PASS NA
A Name,Role,Value aria-valid-attr Assistive technologies, like screen readers, can't interpret ARIA attributes with invalid names. [Learn more](https://web.dev/aria-valid-attr/). PASS NA
A Name,Role,Value button-name When a button doesn't have an accessible name, screen readers announce it as "button", making it unusable for users who rely on screen readers. [Learn more](https://web.dev/button-name/). PASS NA
A Bypass blocks bypass Adding ways to bypass repetitive content lets keyboard users navigate the page more efficiently. [Learn more](https://web.dev/bypass/). PASS NA
AA Contrast color-contrast Low-contrast text is difficult or impossible for many users to read. [Learn more](https://web.dev/color-contrast/). PASS NA
A Page Title document-title The title gives screen reader users an overview of the page, and search engine users rely on it heavily to determine if a page is relevant to their search. [Learn more](https://web.dev/document-title/). PASS NA
A Parsing duplicate-id-active All focusable elements must have a unique `id` to ensure that they're visible to assistive technologies. [Learn more](https://web.dev/duplicate-id-active/). PASS NA
A Parsing duplicate-id-aria The value of an ARIA ID must be unique to prevent other instances from being overlooked by assistive technologies. [Learn more](https://web.dev/duplicate-id-aria/). PASS NA
A Language of page html-has-lang If a page doesn't specify a lang attribute, a screen reader assumes that the page is in the default language that the user chose when setting up the screen reader. If the page isn't actually in the default language, then the screen reader might not announce the page's text correctly. [Learn more](https://web.dev/html-has-lang/). PASS NA
A Language of page html-lang-valid Specifying a valid [BCP 47 language](https://www.w3.org/International/questions/qa-choosing-language-tags#question) helps screen readers announce text properly. [Learn more](https://web.dev/html-lang-valid/). PASS NA
A Non-text content image-alt Informative elements should aim for short, descriptive alternate text. Decorative elements can be ignored with an empty alt attribute. [Learn more](https://web.dev/image-alt/). PASS NA
A Name,Role,Value label Labels ensure that form controls are announced properly by assistive technologies, like screen readers. [Learn more](https://web.dev/label/). PASS NA
A Link purpose link-name Link text (and alternate text for images, when used as links) that is discernible, unique, and focusable improves the navigation experience for screen reader users. [Learn more](https://web.dev/link-name/). PASS NA
A Info and Relationship list Screen readers have a specific way of announcing lists. Ensuring proper list structure aids screen reader output. [Learn more](https://web.dev/list/). PASS NA
A Info and Relationship listitem Screen readers require list items (`<li>`) to be contained within a parent `<ul>` or `<ol>` to be announced properly. [Learn more](https://web.dev/listitem/). PASS NA
AA Resize meta-viewport Disabling zooming is problematic for users with low vision who rely on screen magnification to properly see the contents of a web page. [Learn more](https://web.dev/meta-viewport/). FAIL 1

    Issue 1

  • Label : head > meta
  • Element : <meta name="viewport" content="width=device-width,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0">
  • Selector : head > meta
  • Element Path : 1,HTML,0,HEAD,12,META
AA Language of parts valid-lang Specifying a valid [BCP 47 language](https://www.w3.org/International/questions/qa-choosing-language-tags#question) on elements helps ensure that text is pronounced correctly by a screen reader. [Learn more](https://web.dev/valid-lang/). PASS NA
A Captions (Prerecorded) video-caption When a video provides a caption it is easier for deaf and hearing impaired users to access its information. [Learn more](https://web.dev/video-caption/). PASS NA
Items per page:
1 – 24 of 24

Disclaimer: The Accessibility automated scan reports covers partially of WCAG guidelines

Security

URL: https://www.netflix.com/

Browser: Chrome

Region: Local

Last Run: 09-Aug-2023 18:24:19 BST

Vulnerabilities Identified

3
Total
0
Critical
0%
0
High
0%
0
Med
0%
3
Low
100%

OWASP 2021 Guidelines

A01 A01 A02 A02 A03 A03 A04 A04 A05 A05 A06 A06 A07 A07 A08 A08 A09 A09 A10 A10 0 0 5 5 10 10
  • Pass
  • Fail
A01 - Broken Access Control
A02 - Cryptographic Failures
A03 - Injection
A04 - Insecure Design
A05 - Security Misconfiguration
A06 - Vulnerable and Outdated Components
A07 - Identification and Authentication
A08 - Software and Data Integrity
A09 - Security Logging and Monitoring
A10 - Server Side Request Forgery

Passive Scan Summary

Vulnerability Check
Description
Status
Severity
Exploitable
Impact
Recommendation
Insecure Communication A05 - The application is accessible/ hosted only in HTTP. Hence, the application handles all the sensitive information including the login credentials in plain text

PASS

Critical Easy
Browser Cache Weakness A05 - Browsers can store information for purposes of caching and history. If sensitive information is displayed to the user (such as their address, credit card details, Social Security Number, or username), then this information could be stored for purposes of caching or history, and therefore retrievable through examining the browser's cache or by simply pressing the browser's Back button

PASS

Low Difficult
X-Frame Options A05 - In the application, X-Frame-Options Header is missing

PASS

Low Difficult
X-XSS-Protection A05 - The HTTP X-XSS-Protection response header is a feature of Internet Explorer, Chrome and Safari that stops pages from loading when they detect reflected cross-site scripting (XSS) attacks.

PASS

Low Difficult
HTTP Strict Transport Security A05 - HTTP Strict Transport Security (HSTS) is a mechanism, which protects secure (HTTPS) websites from being downgraded to non-secure HTTP and cookie hijacking. This mechanism enables web servers to instruct their clients (web browsers or other user agents) to use secure HTTPS connections when interacting with the server, and never use the insecure HTTP protocol.

PASS

Low Difficult
X-Content-Type-Options A05 - The X-Content-Type-Options header (with nosniff value) prevents IE from ignoring the content-type of a response

PASS

Low Difficult
Secure Attribute A05 - Cookie does not contain the "secure" attribute, it might also be sent to the site during an unencrypted session

FAIL

Low Difficult

Any information such as cookies, session tokens or user credentials that are sent to the server as clear text, may be stolen and used later for identity theft or user impersonation

Due to the sensitivity of encrypted requests, it is suggested to use HTTP POST (without parameters in the URL string) when possible, in order to avoid the disclosure of URLs and parameter values to others

Http Only A05 - The application failed to include HTTP only attribute.

FAIL

Low Difficult

Using the HttpOnly flag when generating a cookie helps mitigate the risk of client side script accessing the protected cookie. the cookie cannot be accessed through client side script.

HttpOnly flag is used to help prevent cross-site scripting, since it does not allow the cookie to be accessed via a client side script such as JavaScript.

Banner Disclosure A05 - The application shows the Server information like web server and its version

PASS

Low Difficult
Content Security Policy A05 - In the application, the Content Security Policy Header is missing.

FAIL

Low Difficult

Attacker can force the browser to load malicious third party resources

Configure your server to send the Content-Security-Policy header

Vulnerable and Outdated JS Libraries A06 - Older version of Java Script libraries used by the application

PASS

Low Difficult
Items per page:
1 – 11 of 11

Disclaimer: The Security automated scan reports are performed only for Passive scan, covering only 2 out of OWASP top 10.

Omnichannel

URL: https://www.netflix.com

Last Run: 18-Jul-2023 09:37:55 BST

Full Page Load Time

Win - Chrome Win - Chrome Win - Edge Win - Edge Win - Firefox Win - Firefox MacOs - Safari MacOs - Safari OS - Browser 0 0 2,000 2,000 4,000 4,000 Time (ms)

HTTP Response Code Errors

Chrome Chrome Edge Edge 0.0 0.0 0.2 0.2 0.4 0.4 0.6 0.6 0.8 0.8 1.0 1.0 Count of Errors
  • 401

Windows - Chrome

114.0.5735.91
image

Windows - Edge

113.0.1774.35
image

Windows - Firefox

113.0
image

Mac Os 13 - Safari

16.1
image

SEO

URL: https://www.netflix.com/

Browser: Chrome

Region: Local

Last Run: 09-Aug-2023 18:24:07 BST

0 - 49 : Poor
50 - 89 : Needs Improvement
90 - 100 : Good

Audit Validations

Pass Pass Fail Fail Not Applicable Not Applicable 0 0 2 2 4 4 6 6 8 8 10 10

SEO Summary

Category
Guideline
Description
Status
No Of Failed Elements
seo-mobile viewport A `<meta name="viewport">` not only optimizes your app for mobile screen sizes, but also prevents [a 300 millisecond delay to user input](https://developers.google.com/web/updates/2013/12/300ms-tap-delay-gone-away). [Learn more](https://web.dev/viewport/). PASS NA
seo-content document-title The title gives screen reader users an overview of the page, and search engine users rely on it heavily to determine if a page is relevant to their search. [Learn more](https://web.dev/document-title/). PASS NA
seo-content image-alt Informative elements should aim for short, descriptive alternate text. Decorative elements can be ignored with an empty alt attribute. [Learn more](https://web.dev/image-alt/). PASS NA
seo-content meta-description Meta descriptions may be included in search results to concisely summarize page content. [Learn more](https://web.dev/meta-description/). PASS NA
seo-crawl http-status-code Pages with unsuccessful HTTP status codes may not be indexed properly. [Learn more](https://web.dev/http-status-code/). PASS NA
seo-content link-text Descriptive link text helps search engines understand your content. [Learn more](https://web.dev/link-text/). PASS NA
seo-crawl crawlable-anchors Search engines may use `href` attributes on links to crawl websites. Ensure that the `href` attribute of anchor elements links to an appropriate destination, so more pages of the site can be discovered. [Learn More](https://support.google.com/webmasters/answer/9112205) PASS NA
seo-crawl is-crawlable Search engines are unable to include your pages in search results if they don't have permission to crawl them. [Learn more](https://web.dev/is-crawable/). FAIL 1
seo-crawl robots-txt If your robots.txt file is malformed, crawlers may not be able to understand how you want your website to be crawled or indexed. [Learn more](https://web.dev/robots-txt/). PASS NA
seo-content hreflang hreflang links tell search engines what version of a page they should list in search results for a given language or region. [Learn more](https://web.dev/hreflang/). PASS NA
seo-content plugins Search engines can't index plugin content, and many devices restrict plugins or don't support them. [Learn more](https://web.dev/plugins/). PASS NA
Items per page:
1 – 11 of 11

Active Monitor

URL: https://www.netflix.com/

Last Run: 09-Aug-2023 19:13:22 BST

Start Time: 09-Aug-2023 19:13:21 BST

Duration: 60 mins

Interval: 10 mins

Active Monitor Load Time

Average Load Time Across Regions